Main Koha release repository https://koha-community.org
Jared Camins-Esakov 35b6a5ea11 Bug 3652: close XSS vulnerabilities in opac-export
The opac-export.pl script had a number of XSS vulnerabilities relating
to its error handling.

To test:
1) Go to /cgi-bin/koha/opac-export.pl?op=export&bib=2&format=<h2>evil</h2>
   (substituting a valid biblionumber for the '2')
2) Notice that "evil" is rendered as an h2 heading.
3) Apply patch.
4) Notice that you now see the h2 tags, and they are not rendered by
   the browser.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-10-24 15:40:18 +02:00
acqui Bug 8570 follow-up removing tabs & improving indentation 2012-10-09 17:54:42 +02:00
admin Bug 8772 - Uninitialized variable triggers error log entry in smart_rules.pl 2012-10-09 11:52:07 +02:00
authorities Bug 8744: Thesaurus in authorities should not lock fields 2012-10-03 15:36:18 +02:00
basket Bug 6050 Make calls to GetItemsInfo consistent 2011-06-14 14:12:02 +12:00
C4 Merge remote-tracking branch 'origin/new/bug_8636' 2012-10-12 11:55:14 +02:00
catalogue Bug 8175 - check logs error or displays incorrectly in details.pl 2012-10-12 21:25:45 +02:00
cataloguing Bug 8862 follow-up s/\t/4spaces/g 2012-10-12 22:19:25 +02:00
circ circ/circulation.pl: force issuedate to a string to fix bug 8738 2012-10-05 17:37:48 +02:00
debian Merge remote-tracking branch 'origin/new/bug_8233' 2012-10-05 12:00:06 +02:00
docs Bug 7143 : New committer to history 2012-10-16 18:17:26 +02:00
errors Housekeeping in errors scripts 2010-05-12 07:29:03 -04:00
etc Bug 7475: Update configuration 2012-09-19 17:15:25 +02:00
install_misc Bug 8478 - Update Ubuntu related files Updated installation instructions, cleaned up ubuntu-pkg-check.sh, renamed ubuntu*.packages files more consistently, updated files to include missing libraries, corrected incorrect libraries (yaz3->yaz4, mysqlclient v16 to v18, dropped the dev version of the client). 2012-09-05 11:01:04 +02:00
installer Bug 8441: hides MODS export by default in French install 2012-10-10 16:56:09 +02:00
Koha Bug 8652: Followup: add a default value for date_from 2012-10-09 11:27:42 +02:00
koha-tmpl Bug 3652: [SIGNED-OFF] XSS fixes - follow up 2012-10-17 17:35:04 +02:00
labels Bug 8442 - labels creator fixes for plack 2012-07-24 16:21:05 +02:00
members Bug 8812 - Staff Client: Patron search should display branch name instead of branch code in results table 2012-10-11 11:17:06 +02:00
misc Bug 8633 Manage OPAC alternate templates 2012-10-11 11:15:07 +02:00
offline_circ Bug 8006 - Loading offline circulation does not anonymize 2012-06-20 19:40:41 +02:00
opac Bug 3652: close XSS vulnerabilities in opac-export 2012-10-24 15:40:18 +02:00
patroncards Bug 8315 - remove use C4::* version 2012-07-13 14:17:20 +02:00
reports Bug 8811 - can't run report after saving 2012-10-05 17:25:18 +02:00
reserve Bug 8675 Add hours and mins to renewal due date 2012-09-04 18:22:32 +02:00
reviews Bug 1623 - Provide view of approved comments 2011-12-27 18:26:50 +01:00
rotating_collections Bug 6553 : Follow up adding license statements 2011-08-13 19:54:38 +12:00
selenium Adding selenium tests for filterMembers 2009-09-30 11:30:37 +02:00
serials Bug 5335 follow-up: fixing Perl error 2012-10-01 18:47:28 +02:00
services Bug 7178: Acquisition item creation improvement 2012-03-26 11:07:23 +02:00
skel 8268 Followup for creating var spool subdir. 2012-07-23 10:40:43 +02:00
sms Bug 2505 - Add commented use warnings where missing in the sms/ directory 2010-04-21 20:25:08 +12:00
suggestion Bug 8440: Dates does not appear in suggestions management 2012-07-24 17:04:32 +02:00
svc Bug 7475: Teach matching rules to handle authorities 2012-09-19 17:15:56 +02:00
t Bug 8652 follow-up adding more tests 2012-10-09 11:47:37 +02:00
tags Bug 8315 - remove use C4::* version 2012-07-13 14:17:20 +02:00
test Bug 5449: JSON malformed in Koha - Blocker with jQuery 1.4.x 2011-03-12 08:53:41 +13:00
tmp/modified_authorities
tools Bug 8843 - Cannot export bibliographic records by call number 2012-10-12 16:38:50 +02:00
virtualshelves Bug 7788: [SIGNED-OFF] Followup: GetShelf call in addbybiblio script corrected 2012-05-22 12:06:26 +02:00
xt Bug 8470: remove depreciated H:T:P test 2012-07-26 14:53:13 +02:00
.htaccess Fix file permissions: if it is not a script, it should not be executable. 2010-04-16 00:40:34 -04:00
.mailmap 7439 Mailmap for master 2012-01-27 12:27:58 +01:00
about.pl Bug 8641 - Add information warning about log-in as root user to About->System information 2012-09-13 18:56:31 +02:00
changelanguage.pl Bug 6755 Problems with switching languages 2011-09-23 09:47:09 +12:00
edithelp.pl Bug 8622: Fix theme fallback 2012-09-05 11:39:14 +02:00
fix-perl-path.PL
help.pl Bug 8705: Software error on help of main page 2012-09-17 18:24:11 +02:00
INSTALL Bug 7759, update of install files to use background indexing (and some whitespace tidy) 2012-04-20 16:11:52 +02:00
install-CPAN.pl Bug 5370: Fix all the references to koha.org 2010-11-08 09:41:49 +13:00
INSTALL.debian Bug 8092 follow-up: Add optional dependency on CHI 2012-06-09 13:08:18 +02:00
INSTALL.fedora7 Bug 8092 follow-up: Add optional dependency on CHI 2012-06-09 13:08:18 +02:00
INSTALL.opensuse Bug 7759, update of install files to use background indexing (and some whitespace tidy) 2012-04-20 16:11:52 +02:00
INSTALL.ubuntu Bug 8092 follow-up: Add optional dependency on CHI 2012-06-09 13:08:18 +02:00
INSTALL.ubuntu.12.04 Bug 8478 - Update Ubuntu related files Updated installation instructions, cleaned up ubuntu-pkg-check.sh, renamed ubuntu*.packages files more consistently, updated files to include missing libraries, corrected incorrect libraries (yaz3->yaz4, mysqlclient v16 to v18, dropped the dev version of the client). 2012-09-05 11:01:04 +02:00
INSTALL.ubuntu.lucid Bug 8092 follow-up: Add optional dependency on CHI 2012-06-09 13:08:18 +02:00
koha_perl_deps.pl Bug 8485 - Make koha_perl_deps.pl batch friendly Added a -b flag for brief which outputs only the perl library name (Foo::BaR), and added a -r flag for required which filters the list to required=Yes perl libraries. 2012-08-31 17:35:49 +02:00
kohaversion.pl Bug 5409 follow-up DBRev number 2012-10-08 17:03:37 +02:00
LICENSE Update LICENSE with a fresh copy from upstream. This updates the FSF address, and refers to the LGPL with its current name, and changes a few other minor things of the typographical sort. No semantic changes. 2010-03-16 20:17:48 -04:00
mainpage.pl Bug 6875 cleaning mainpage.pl 2012-02-15 14:58:31 +01:00
Makefile.PL Bug 8742 - Example uses perl 5.8 in Makefile.PL 2012-10-10 17:03:25 +02:00
MANIFEST.SKIP Bug Fixing : 3334 2009-06-19 06:33:34 -05:00
README updated links in README 2010-05-24 08:14:16 -04:00
README.robots Bug 6411 add another example to README.robots 2011-07-05 14:48:05 +12:00
rewrite-config.PL Bug 8268 follow-up: rewrite config correctly 2012-08-28 18:02:42 +02:00

Koha is a free software integrated library system.

Koha is distributed under the GNU GPL version 2 or later.
Please read the file LICENSE for more details.

To install or upgrade Koha, please see the INSTALL file appropriate
to your platform.

Report bugs at http://bugs.koha-community.org/

Visit the Koha Project website at http://www.koha-community.org/